The CIA’s cyberespionage toolkit made public by WikiLeaks has been linked to 40 spying operations in 16 countries, an early public assessment of the intelligence agency’s global hacking operations, computer security company Symantec said Monday.
In a blog post, the California-based Symantec Corp. said the tools in WikiLeaks’ recent releases have been linked to the electronic infiltration of international, financial, energy and aerospace organizations across the world. Like many security firms, Symantec draws on data supplied by its clients. Researcher Dick O’Brien declined to provide further details, saying doing so might prompt speculation as to the identity of the people or organizations involved.
“I will say, in terms of the regions, the largest region represented in terms of those targets was the Middle East,” O’Brien said in a telephone interview.
The word “CIA” was mentioned nowhere in Symantec’s post, but few if any doubt that that’s where the tools come from. When WikiLeaks began releasing them in early March, it gave an unusually explicit account of how the tools had been taken from the CIA’s Center for Cyber Intelligence. The U.S. government has since all but publicly accepted the embarrassing claim; about a week later, President Donald Trump told a television host: “I just want people to know the CIA was hacked, and a lot of things taken.”
O’Brien said that while Symantec didn’t dispute that assessment, pinning the tools on a specific government agency was “straying outside our area of expertise.”
Intriguingly, O’Brien said one CIA tool was discovered breaking into a U.S. computer — only to uninstall itself almost immediately afterward.
“That, to us, smacks of an accidental compromise,” he said. “Our assessment is it was likely a mistake.”